On 22 Mar 2001 10:57:14 -0800, Mike Fedyk wrote:
> In a way, 2.2 already had something similar. Masq+Masq_ftp.

Weeeeellllllllll ... ish ...

> You can even masq only ftp, and get the benefit. Though, this is a
> workaround, it does help.

Yes, but only if you're doing masquerading. I run quite a tight firewall on my local machine, which isn't doing masq or nat for anything. I run ip_conntrack_ftp and ip_conntrack_irc, and this way, I can say "allow all RELATED connections", so every FTP transfer, every DCC transfer, will get marked as related, so I can allow everything without needing to open all my high ports.

See how this is 10,000 times better than: a) ipchains, and b) statelessness? :)

d

--
Daniel Stone
Linux Kernel Developer
[EMAIL PROTECTED]

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
G!>CS d s++:- a---- C++ ULS++++$>B P---- L+++>++++ E+(joe)>+++ W++ N->++ !o
K? w++(--) O---- M- V-- PS+++ PE- Y PGP>++ t--- 5-- X- R- tv-(!) b+++ DI+++
D+ G e->++ h!(+) r+(%) y? UF++
------END GEEK CODE BLOCK------
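
How the "allow all RELATED connections" rule in the message above admits an FTP data transfer without opening the high ports, as an added example that is not part of the original mail and is not kernel code: a toy Python model of a connection tracker with an FTP helper. The class, the function names and the addresses are constructed for illustration, and only the active-mode `PORT` command is modelled.

```python
import re

# Active-mode FTP control command: "PORT h1,h2,h3,h4,p1,p2"
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

class ConnTracker:
    """Toy model of connection tracking with an FTP helper (illustrative only)."""

    def __init__(self):
        self.established = set()  # known flows: (src, sport, dst, dport)
        self.expected = set()     # expectations: (src, dst, dport)

    def open_outbound(self, src, sport, dst, dport):
        """A locally initiated connection; replies to it are ESTABLISHED."""
        self.established.add((src, sport, dst, dport))

    def inspect_ftp_control(self, client, server, line):
        """Helper: read one control-channel line, record the expected data flow."""
        m = PORT_RE.match(line)
        if not m:
            return False
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            return False
        addr = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        # Assumption of this model: only accept an expectation that points
        # back at the client itself, so the control channel cannot be used
        # to open a path to some other host.
        if addr != client:
            return False
        self.expected.add((server, client, port))
        return True

    def classify(self, src, sport, dst, dport):
        """Connection state of an incoming packet."""
        if (dst, dport, src, sport) in self.established:
            return "ESTABLISHED"
        if (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))        # one-shot
            self.established.add((dst, dport, src, sport))  # now a known flow
            return "RELATED"
        return "NEW"

def input_verdict(state):
    """Policy from the mail: accept ESTABLISHED and RELATED, drop the rest."""
    return "ACCEPT" if state in ("ESTABLISHED", "RELATED") else "DROP"
```

Without the helper call the same data connection classifies as NEW and is dropped, which is the case a stateless filter can only handle by opening the whole high-port range.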

